Commit d6900121 authored by Stephane Crozat's avatar Stephane Crozat

Fixing CAS bugs, version operationnal : can connect via CAS and subscribe/unsubscribe

parent 2a5ba83c
......@@ -9,8 +9,8 @@ if (!isset($_SESSION['ticket'])) {
*/
include $_SERVER['DOCUMENT_ROOT'].'/apisub/lib/cas.php';
$cas = new CAS('https://cas.utc.fr/cas/','https');
$info = CAS::authenticate();
$cas = new CAS('https://cas.utc.fr/cas/','http');
$info = $cas->authenticate();
if ($info != -1) {
$_SESSION['ticket'] = $_GET['ticket'];
$_SESSION['utclogin'] = $info['cas:user'];
......@@ -19,7 +19,7 @@ if (!isset($_SESSION['ticket'])) {
$_SESSION['firstname'] = $info['cas:attributes']['cas:givenName'];
}
else
CAS::login();
$cas->login();
}
include $_SERVER['DOCUMENT_ROOT'].'/apisub/lib/db.php';
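Review bot: The CAS client is now built with `'http'` as the service protocol (the `new CAS('https://cas.utc.fr/cas/','http')` line, which looks like the new side of the first hunk). The service URL handed to CAS is therefore plain HTTP, so the value read from `$_GET['ticket']` and the session cookie would travel unencrypted on the way back. If the application is reachable over TLS, keep `'https'` here. If the change was only needed for a development host, read the protocol from configuration rather than hard-coding the downgrade. The enclosing `if (!isset($_SESSION['ticket']))` block starts outside the hunk.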
......
......@@ -6,12 +6,12 @@ class CAS {
private $server;
private $protocol;
function __construct ($server='https://cas.utc.fr/cas/', $protocol='https') {
public function __construct ($server='https://cas.utc.fr/cas/', $protocol='https') {
$this->server = $server;
$this->protocol = $protocol;
$this->protocol = $protocol;
}
public static function authenticate() {
public function authenticate() {
if (!isset($_GET['ticket']) || empty($_GET['ticket']))
return -1;
......@@ -29,12 +29,12 @@ class CAS {
}
public static function login() {
public function login() {
header('Location: '.$this->server.'login?service='.$this->protocol.'://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
}
public static function logout() {
public function logout() {
header('Location: '.$this->server.'logout?service='.$this->protocol.'://'.$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']));//ou SCRIPT_NAME?
// On n'utilise pas REQUEST_URI sinon cela déconnecterait à l'infini.
}
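Review bot: `login()` and `logout()` build the `service=` value from `$_SERVER['HTTP_HOST']` and `$_SERVER['REQUEST_URI']` without encoding it. A request URI with its own query string is cut at the first `&`, and unless the CAS server restricts service URLs, a client-supplied Host header decides where the ticket is sent. I would encode the value and end the request after the redirect: `$service = $this->protocol.'://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];` then `header('Location: '.$this->server.'login?service='.urlencode($service)); exit;`. Taking the host from configuration would remove the dependency on the Host header, and the `exit` stops the calling page from continuing for a visitor with no session. The ticket validation in `authenticate()` is outside the hunk and presumably has to send the same service string, so confirm it still matches.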
......
......@@ -13,7 +13,7 @@ class DB {
}
}
public static function printHtmlBegin () {
public function printHtmlBegin () {
echo '<html>';
echo '<head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/></head>';
echo '<title>Api Sub</title>';
......@@ -29,7 +29,7 @@ class DB {
function subList($utclogin) {
$sql = "SELECT code, name, year, semester, TO_CHAR(subdate,'DD/MM/YYYY') as subdate
FROM api JOIN subscribe ON api.code=subscribe.api
WHERE student='".$utclogin."'";
WHERE utclogin='".$utclogin."'";
$st = $this->conn->prepare($sql);
$st->execute();
$res = $st->fetchAll(PDO::FETCH_ASSOC);
......@@ -82,7 +82,7 @@ class DB {
}
function unsubToApi($utclogin, $api) {
$sql = "DELETE FROM subscribe WHERE student='".$utclogin."' AND api=".$api;
$sql = "DELETE FROM subscribe WHERE utclogin='".$utclogin."' AND api=".$api;
$res=$this->conn->exec($sql);
}
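Review bot: The renamed queries still splice `$utclogin` and `$api` into the SQL text. `unsubToApi()` passes a concatenated DELETE to `exec()`, and `subList()` calls `prepare()` on a string with no placeholders, which gives none of the protection of a prepared statement. Where `$api` comes from is not visible here, but it is unquoted, so any non-numeric value changes the query. Bind both values instead: `$st = $this->conn->prepare('DELETE FROM subscribe WHERE utclogin = :utclogin AND api = :api');` followed by `$st->execute([':utclogin' => $utclogin, ':api' => $api]);`, and in `subList()` use `WHERE utclogin = :utclogin` with `$st->execute([':utclogin' => $utclogin]);`. The body of `subList()` continues outside its hunk.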
......